Follow Up

Summary

This component allows an auditor to explain and get feedback on their report as well as evaluate the success of the process over time through a continued relationship with the host.

This component consists of the final meeting with the host and following up with them after a period of a few months to see if they need further assistance, are willing to share their experience working with any of the recommended resources, or as new resources are identified.

Purpose

Follow up can be a valuable tool for encouraging an organization to continue their digital security process. But, follow up needs to be desired by an organization and achievable for the auditor. As such, follow up must be minimally intrusive on both the auditor and the host's time.

Guiding Questions

What are the barriers the organization faced in implementing the recommended risk mitigation plan?
Are there new resources that the auditor can provide to supplement the original audit?
What can you do to make your follow up perceived as additional support instead of as an evaluation of their success?

Operational Security

In addition to ongoing secure communication practices, check for any changes in keys or other authentication changes. If these occur re-verify this information using out of band means.

Preparation

Baseline Skills

Secure communications options to conduct follow-up discussions with organization

Outputs

References

follow_up:

resource_identification:

Directory: "Selected International and Regional Organisations providing support to HRD" (Workbook on Security: Practical Steps for Human Rights Defenders at Risk)
Directory: "Security Training Firms" (CPJ)
Digital Emergency Contacts: "Seeking Remote Help" (The Digital First Aid Kit)
Directory: "Resource Handbook" (Center for Investigative Journalism)
Guide: "Additional Resources: p. 298" (Operational Security Management in Violent Environments (Revised Edition))